The “Manage VDC default roles” privilege will control access to the Default role tab when editing an allowed datacenter or public cloud region for a tenant. For example, without this privilege the tenant administrators will not be able to modify the default roles assigned by cloud administrators. (In Abiquo 4.7.1 the privilege name changes to "Manage enterprise datacenter default roles").
The minimum default role will ensure that a user cannot create VDCs that they will not be able to work with. This is especially useful for cloud providers where VDCs always incur base costs even when they are not in use, for example, AWS charges for the Elastic IP of the NAT gateway. The platform will block users from creating VDCs if the default role will apply to the user and the default role is a Viewer role. This effectively means that if users will have very limited access, an administrator will need to create their VDCs.